The policies are intended for Federal agency applications, but serve as a standard for many others as well.

NIST Improved Password Requirements

The NIST Digital Authentication Guideline strives for improved password requirements. Its guiding principles include a better user experience and shifting the burden to the verifier whenever possible. To support the creation of passwords that users will remember while implementing excellent security, several guidelines are important:

Conclusion

Overall, the new guidelines put the user experience at the forefront while also establishing more robust storage and authentication methods. Although the NIST Digital Authentication Guideline governs Federal sites, its tenets are good standards for any app or site with authentication. The guideline is currently in draft. When the policies are final, Federal agencies as well as many other companies and vendors will work to comply with the new guidelines for improved authentication security and user experience. To learn more, check out the NIST Draft 800-63-3 itself and Jim Fenton's "Toward Better Password Requirements" presentation.